Title: Mac attack
Post by: Maik on Friday, 10 January, 2014 @ 12:34:29
In 2011, Intego’s Malware Research Team discovered OSX/Flashback.A, a trojan horse that used social engineering to trick users into installing a malicious Flash player package. Then in early 2012, Flashback spread to infect up to 600,000 machines, as new variants were using Java exploits and drive-by downloads. Today, our latest research shows that the Flashback botnet is adrift and still in the wild.

Once installed on a Mac, Flashback created a backdoor, allowing it to take almost any activity on the infected machine. Users with infected Macs are at risk of being exposed to an almost limitless variety of malicious actions, as hackers can access infected Macs and snoop on the user, copying usernames and passwords, and more.

Now in 2014, it appears the Flashback botnet is silently adrift and still in the wild.

Beginning January 2, we studied those domains and our sinkhole servers recorded all connections from Macs where Flashback is still active and trying to contact the C&C servers.

After recording for five days, we counted at least 22,000 infected machines. As of this morning, we counted 14,248 unique identifiers of the latest Flashback variants.

Intego strongly encourages all Mac users to verify that their machine is not infected with Flashback.
Title: Re: Mac attack
Post by: Maik on Tuesday, 21 January, 2014 @ 13:42:46
Data-stealing malware targets Mac users in "undelivered courier item" attack

Let's hope this malware reminds OS X users of a few simple truths that some Mac fans still seem willing to ignore:

• Mac malware is unusual, but not impossible.
• Data thieves are interested in what Mac users have on their computers.
• Mac malware doesn't have to ask for a password before running.
• Mac malware can run directly from a download without an installation step.
• Bots and RATs are particularly pernicious because they can update and adapt their behaviour after you are infected.
Title: Re: Mac attack
Post by: Maik on Tuesday, 25 February, 2014 @ 15:48:37
Apple users in security warning

Users of Apple's OS X operating system are being warned to take care when browsing online as they wait for a solution to a security flaw.

The problem was first spotted on Apple's mobile devices which run the iOS 7 operating system. It relates to the way secure connections are made between Apple's Safari browser and websites, including banking sites, Google and Facebook.

These sites have digital security certificates that allow an encrypted connection to be established between a user's computer and the website. This means any data that is sent over the connection should be secure.

However, a vulnerability in the code for Apple's iOS and OS X operating systems meant the security certificates were not being checked properly. This meant hackers could impersonate a website and capture the data that was being sent over the connection before letting it continue its journey to the real website.

Graham Cluley, a security analyst, said it was a failing by the company that it had not been identified earlier.

"It's pretty bad what Apple have done, they've seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix."

He advised users to take care when using the web and consider using an alternative browser to Safari until the problem was fixed.

He also urged users of Apple's mobile devices to upgrade to the latest iOS version as soon as possible and for OS X users to keep their eyes open for a security update and to implement it as soon as it was available.

Title: Re: Mac attack
Post by: Maik on Wednesday, 26 February, 2014 @ 15:04:20
Apple has issued a fix to a flaw in its OS X operating system which previously left users vulnerable to security breaches while browsing online.
Title: Re: Mac attack
Post by: Maik on Thursday, 27 February, 2014 @ 17:53:43
Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks

Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system...

None of this would be noteworthy if Apple, like Microsoft and a host of other major software vendors, clearly spelled out its support policies. But Apple doesn't, leaving users to guess about when their operating systems will fall off support.
Title: Re: Mac attack
Post by: Maik on Sunday, 23 March, 2014 @ 11:44:08
10 years of Mac OS X malware (http://www.welivesecurity.com/2014/03/21/10-years-of-mac-os-x-malware/)

Apple users: Try these five tips for better Mac security (http://nakedsecurity.sophos.com/2014/03/21/apple-users-try-these-five-tips-for-better-mac-security/)
Title: Re: Mac attack
Post by: Maik on Sunday, 07 September, 2014 @ 15:20:15

Some big names in the AV world don't look to work so well on detecting Mac malware but the Avast freebie does a good job, according to AV-TEST.org and reported on in this article in The Register:
Mac security packages range from peachy to rancid – antivirus tests (http://www.theregister.co.uk/2014/09/04/mac_anti_virus_test/)
 - a result backed-up in this September test of Mac AVs by av-comparatives.org (http://www.av-comparatives.org/wp-content/uploads/2014/09/mac_review_2014_en.pdf)
Title: Re: Mac attack
Post by: Maik on Thursday, 02 October, 2014 @ 14:03:47
Researchers at Russian anti-virus company Dr Web believe that they have uncovered a new botnet, which has recruited thousands of Mac computers.

According to their report, the sophisticated malware – which they have dubbed Mac.BackDoor.iWorm – has infected more than 17,000 computers running OS X.

Computers that have been hijacked could have information stolen from them, further malware planted upon them, or be used to spread more malware or launch spam campaigns and denial-of-service attacks.
Title: Re: Mac attack
Post by: Maik on Tuesday, 09 December, 2014 @ 20:17:06
The average Apple Mac user encountered nine cyber threats during 2014, according to new research from antivirus and internet security company Kaspersky Lab, with a total of 1,499 new malicious programs for Mac OS X detected during the year – 200 more than in 2013.

According to Kaspersky's Security Bulletin for 2014, every second user of Kaspersky Lab's products for Mac OS X was exposed to a malicious attack, with a total of 3,693,936 infection attempts blocked.

Almost half of the top 20 Mac threats identified were occupied by AdWare programs, which automatically render advertisements on victims' computers in order to generate ad impressions and ultimately revenue for the author of the AdWare.

As a rule, these malicious programs arrive on users' computers alongside legitimate programs if they are downloaded from a software store rather than from the official website of the developer.

Among the other Mac threats detected were:

• A software backdoor that provides the fraudster with remote access to the system and at the same time steals contact lists to find new victims
• A malicious program which makes screenshots every minute
• A Trojan spy with a hidden remote control function that intercepts keystrokes
• A malicious program designed to steal bitcoins for OS X
• A piece of malware that attacks not only Mac-based computers but iOS-based devices connected to them to steal data

"Over the past few years, we’ve discovered more and more malicious samples targeting Mac devices. Yet, there still remains a common misconception that Mac OS X is safe from malware and viruses," said David Emm, principal security researcher at Kaspersky Lab.
Title: Re: Mac attack
Post by: Maik on Saturday, 06 June, 2015 @ 15:54:44
Mac's sleep mode vulnerability rated critical by Symantec

The security flaw could allow attackers to install malware able to survive hardware formatting.

A 30 Second Nap Could Be All a Hacker Needs to Rootkit Your Mac
Title: Re: Mac attack
Post by: Maik on Wednesday, 17 June, 2015 @ 14:36:31
Apple CORED: Boffins reveal password-killer 0days for iOS and OS X
Keychains raided, sandboxes busted, passwords p0wned, but Apple silent for six months

Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's keychain, break app sandboxes and bypass its App Store security checks so that attackers can steal passwords from any installed app including the native email client without being detected.

The team was able to upload malware to the Apple app store, passing the vetting process without triggering alerts that could raid the keychain to steal passwords for services including iCloud and the Mail app, and all those stored within Google Chrome.

Lead researcher Luyi Xing told El Reg he and his team complied with Apple's request to withhold publication of the research for six months, but had not heard back as of the time of writing.
Title: Re: Mac attack
Post by: Maik on Thursday, 18 June, 2015 @ 00:53:49
MacKeeper - a(nother) reason not to use it

Many users will see references to an application called MacKeeper on various web sites and via pop-ups on their browser. Not only is it expensive for what it purports to do (freeware applications that do the same or more are readily available), it can sometimes install itself without the user realising it, and it can be very tricky to get rid of.

MacKeeper has been described by various sources as highly invasive malware* that can destabilize your operating system, adding that it is unethically marketed, with a history of making false advertising claims... and a rip-off.

There are many forms of ‘Malware’ that can affect a computer system, of which ‘a virus’ is but one type, ‘trojans’ another. Using the strict definition of a computer virus, no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions. The same is not true of other forms of malware, such as Trojans. Whilst it is a fairly safe bet that your Mac will NOT be infected by a virus, it may have other security-related problems, but more likely a technical problem unrelated to any malware threat.
Title: Re: Mac attack
Post by: Maik on Thursday, 23 July, 2015 @ 14:09:17
Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

You can bypass Apple's space-age security and gain administrator-level privileges on an OS X Yosemite Mac using code that fits in a tweet.

Yosemite, aka version 10.10, is the latest stable release of the Mac operating system, so a lot of people are affected by this vulnerability.

This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5. If you upgrade to the El Capitan beta (OS X 10.11), you'll be free from the vulnerability as Apple has already fixed it in that preview beta. Once again, if you keep up with Cupertino and install (or buy) the very latest stuff, you'll be rewarded.
Title: Re: Mac attack
Post by: Maik on Wednesday, 05 August, 2015 @ 08:54:13
Apple bug Thunderstrike 2 leaves Macs vulnerable to worm, could give hackers control of computers and go entirely undetected

Security researchers have found a vulnerability that would let them take control of Apple’s Mac computers and spread to other computers.

Apple’s computers have long been said to be much more secure than PCs, and for a long time were advertised as not being able to get viruses. But the researchers claim to have created the first attack that would be able to spread from computer to computer, taking control of them as they go.

“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” Xeno Kovah, one of the researchers who designed the worm, told Wired. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”

'I love Apple products, I just wish they were secure'

A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial.

Title: Re: Mac attack
Post by: disco69 on Wednesday, 05 August, 2015 @ 18:30:07

Security researchers have found a vulnerability that would let them take control of Apple’s

'I love Apple products, I just wish they were secure'

I love cider, I just wish it was secure too :rofl:
Title: Re: Mac attack
Post by: Maik on Thursday, 06 August, 2015 @ 16:18:54
Creating malicious software that can attack Apple Mac computers is "trivial", a leading security researcher has claimed.

Patrick Wardle, from security firm Synack, demonstrated several new types of malicious software that bypassed Apple's security measures.

In one example, Apple's own iCloud service could control an attack.

The threats are known to Apple, Mr Wardle said, but the company has not yet commented on the research.

While Windows is still overwhelmingly attackers' platform of choice, antivirus firm Kaspersky Labs recorded a surge in Apple malware in the past couple of years.

"I'm convinced that OS X security is lacking." "It's trivial to write new OS X malware that can bypass everything."

Mr Wardle had strong criticisms of Apple's built in antivirus program, XProtect. The software, which detects and blocks known malware, warning the user in the process, could be tricked by essentially renaming the malware.

The researcher also tested various different paid antivirus products on the market, and concluded that they suffer similar problems as XProtect.
Title: Re: Mac attack
Post by: Maik on Friday, 02 October, 2015 @ 11:57:32
Researcher demonstrates how malware can bypass OS X’s “completely broken” Gatekeeper
Title: Re: Mac attack
Post by: Maik on Saturday, 16 January, 2016 @ 10:13:31

Apple Keeps Leaving Macs Open To Malware -- But Whitehat Hackers Have Your Back

Apple employed a Gatekeeper for its Macs to do one job: keep unsigned, unverified software out. It might be time to fire Gatekeeper, or hire a new one, as its failures have again been shown up by Patrick Wardle, ex-NSA staffer and head of research at bug hunting firm Synack.

In September last year, Wardle took advantage of a flaw in Gatekeeper that allowed unsigned malicious apps to execute. Wardle noticed Gatekeeper only checked the signature of the first application that was executed by the user. If this verified application executed another slice of code, the latter was not checked by Gatekeeper and could pass through unsigned. By uncovering several Apple-signed apps that once executed would look for other files to launch, he could complete the attack. In his proof of concept, he packaged both the Apple-signed and unsigned, malicious code into one seemingly legitimate download.

The malicious file could do anything an attacker wanted, such as spy on the user, steal passwords or record Skype calls. To fix this, Apple simply blacklisted the files Wardle abused. This wasn’t effective at preventing attacks. Wardle could simply find other Apple-signed code that let him do the same, which he duly did. “It took me two minutes to get round their patch,” said Wardle.
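
A defender-side check for the gap described in this post, as an added example that is not part of the original post or the quoted article: because only the first application launched was verified, this scanner walks a whole download and lists every Mach-O file that carries no embedded code signature, wherever it sits. The function names and the sample headers are constructed for illustration; an `LC_CODE_SIGNATURE` load command only shows that a signature blob is present, so validity still has to be checked on a Mac with `codesign --verify`.

```python
import os
import struct

LC_CODE_SIGNATURE = 0x1D
# Thin Mach-O magics as they appear on disk (little-endian) -> header size.
THIN_HEADER_SIZE = {b"\xce\xfa\xed\xfe": 28, b"\xcf\xfa\xed\xfe": 32}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; also the Java class magic


def thin_has_signature(data, base=0):
    """True/False if a thin Mach-O at `base` has LC_CODE_SIGNATURE; None if not Mach-O."""
    header_size = THIN_HEADER_SIZE.get(data[base:base + 4])
    if header_size is None or len(data) < base + header_size:
        return None
    ncmds, sizeofcmds = struct.unpack_from("<II", data, base + 16)
    pos = base + header_size
    end = min(pos + sizeofcmds, len(data))
    for _ in range(ncmds):
        if pos + 8 > end:
            break  # truncated or lying header: stop rather than read past it
        cmd, cmdsize = struct.unpack_from("<II", data, pos)
        if cmd == LC_CODE_SIGNATURE:
            return True
        if cmdsize < 8:
            break  # malformed command size: stop parsing
        pos += cmdsize
    return False


def macho_status(data):
    """Return 'signed', 'unsigned', or None when `data` is not a Mach-O image."""
    if data[:4] == FAT_MAGIC and len(data) >= 8:
        (nfat,) = struct.unpack_from(">I", data, 4)
        if not 0 < nfat <= 16 or len(data) < 8 + 20 * nfat:
            return None  # implausible slice count: most likely a Java class file
        slices = []
        for i in range(nfat):
            # fat_arch is 5 big-endian uint32s; the slice offset is the third.
            (offset,) = struct.unpack_from(">I", data, 8 + 20 * i + 8)
            slices.append(thin_has_signature(data, offset))
        if None in slices:
            return None
        return "signed" if all(slices) else "unsigned"
    found = thin_has_signature(data)
    if found is None:
        return None
    return "signed" if found else "unsigned"


def unsigned_executables(root):
    """Relative paths of every Mach-O under `root` with no embedded signature."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            if macho_status(data) == "unsigned":
                findings.append(os.path.relpath(path, root))
    return sorted(findings)


def build_sample_macho(signed):
    """Constructed 64-bit Mach-O header plus load commands (not a runnable binary)."""
    cmds = struct.pack("<II", 0x1B, 24) + bytes(16)  # LC_UUID with a zero UUID
    if signed:
        cmds += struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 0, 0)
    ncmds = 2 if signed else 1
    header = struct.pack("<IiiIIIII", 0xFEEDFACF, 0x01000007, 3, 2,
                         ncmds, len(cmds), 0, 0)
    return header + cmds


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        app_bin = os.path.join(root, "Signed.app", "Contents", "MacOS")
        os.makedirs(app_bin)
        for path, signed in ((os.path.join(app_bin, "Signed"), True),
                             (os.path.join(root, "helper"), False)):
            with open(path, "wb") as fh:
                fh.write(build_sample_macho(signed))
        print(unsigned_executables(root))
```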
Title: Re: Mac attack
Post by: Maik on Saturday, 06 February, 2016 @ 10:31:22
Fake Flash Player Update Infects Macs with Scareware
Title: Re: Mac attack
Post by: Maik on Monday, 07 March, 2016 @ 18:18:42
Apple Macs targeted by KeRanger ransomware for first time
Experts say some Macs may have their files encrypted on Monday if computer has been infected

Apple customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks have revealed.

Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
Title: Re: Mac attack
Post by: Maik on Thursday, 24 March, 2016 @ 16:37:16
Researchers find hole in SIP, Apple’s newest protection feature

To exploit this vulnerability, an attacker must first compromise the target system. This could be accomplished via a spear-phishing attack, or by exploiting the user’s browser, for example.

So the vulnerability only comes into play as part of a multi-part attack, a combination punch, rather than as a stand-alone exploit.
Title: Re: Mac attack
Post by: Maik on Thursday, 21 July, 2016 @ 13:32:57
Users of iPhones and Macs must update to avoid Stagefright-like bug

The good news is that Apple issued fixes for the problem earlier this week. If you have already updated your systems to iOS 9.3.3, tvOS 9.2.2, watchOS 2.2.2, and El Capitan v10.11.6 then you have done the right thing.
Title: Re: Mac attack
Post by: Maik on Friday, 02 September, 2016 @ 17:23:47
Apple has now quietly rolled-out a further security update revealing that the zero-day flaws are also present in Apple's OS X desktop operating system, as well as the desktop version of their OS X Safari browser.

My advice to Apple users? Make sure that your Macs, MacBooks, iPhones and iPads are up-to-date.
Title: Re: Mac attack
Post by: Maik on Tuesday, 25 October, 2016 @ 17:40:04
It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad

Apple has distributed a fresh round of security updates to address remote-code execution holes in iOS, macOS, Safari, and the firmware for Apple Watch and AppleTV.

Miscreants who exploit these flaws can take over the vulnerable device – all a victim has to do is open a JPEG or PDF file booby-trapped with malicious code, so get patching before you're caught out.
Title: Re: Mac attack
Post by: Maik on Tuesday, 18 July, 2017 @ 02:50:48
Malware installs Signal as part of scheme to steal Mac users' banking credentials
A harbinger of ported threats to come for Mac users?

New Mac malware is mysteriously pushing the Signal private-messaging app onto victims' mobile devices as part of a scheme to steal their banking credentials.

The threat, which goes by the name OSX/Dok, uses phishing mail laden with a malicious application as its attack vector. Those who crafted this campaign purchase Apple certificates (US $99) to sign their malicious application. Such willingness helps the malware bypass Gatekeeper's ever-watchful gaze.
Title: Re: Mac attack
Post by: Maik on Thursday, 27 July, 2017 @ 14:43:54
New details emerge on Fruitfly, a near-undetectable Mac backdoor

The malware went largely undetected for several years and is only detectable on a handful of security products, but the "fully featured" Mac backdoor can take control of an entire computer.

The number of cases of malware targeting Macs is continuing to surge, growing by 53% over just the first quarter of 2017, according to an analysis from security firm McAfee. And throughout 2016, it grew by a massive 744%.

The reason for this huge and continued growth is adware bundling, McAfee says.

In other words, people are installing apps that come bundled with dodgy software ("adware") that sticks ads on their computer. It's invasive, but it's not necessarily as catastrophic as other types of malware — like ransomware, which encrypts your data and forces you to pay a ransom to get it back (though multiple kinds can come bundled together, of course).

The growth in Mac malware, while alarming, is still nothing compared to the amount of malware for Windows that McAfee identified.
Title: Re: Mac attack
Post by: Maik on Friday, 06 October, 2017 @ 13:05:55
Crazy but true – Apple’s “show hint” button reveals your actual password

It’s only eight days since Apple’s latest and greatest macOS 10.13 release, better known as High Sierra.

But the first security update has already come out, and we suggest you apply it urgently.
Title: Re: Mac attack
Post by: Maik on Wednesday, 29 November, 2017 @ 10:54:45
Apple rushes to fix major password bug

Apple has said it is working to fix a serious bug within its Mac operating system.

The flaw in MacOS High Sierra - the most recent version - makes it possible to gain entry to the machine without a password, and also have access to powerful administrator rights.

Considering the power it gives, the bug is remarkably simple, described by security experts as a "howler" and "embarrassing".

User-applied workaround fix in link above, or here (https://nakedsecurity.sophos.com/2017/11/28/apple-macs-have-gaping-root-hole-heres-a-superquick-way-to-check-and-fix-it/).
Title: Re: Mac attack
Post by: Maik on Wednesday, 29 November, 2017 @ 20:27:29
Apple apologises and fixes security flaw

Apple has pushed out an update to fix a major security hole in its Mac operating system, admitting it “stumbled” with its latest software.

The flaw, revealed on Tuesday, made it possible to access a Mac without a password, and also have access to powerful administrator rights.

The latest version of MacOS will automatically download the update.

Users running older versions of MacOS will see a notification prompting an upgrade.
Title: Re: Mac attack
Post by: Maik on Thursday, 30 November, 2017 @ 14:07:44
Apple breaks file sharing on Macs while fixing 'huge' password security flaw

The company quickly acknowledged the problem, releasing a support document (https://support.apple.com/en-us/HT208317) guiding users through how to fix the problem caused by the critical bug patch. Unfortunately, to perform the necessary repair, users have to use an advanced feature of the operating system called the Terminal and perform command line actions:

            Open the Terminal app, which is in the Utilities folder of your Applications folder.
            Type sudo /usr/libexec/configureLocalKDC and press Return.
            Enter your administrator password and press Return.
            Quit the Terminal app.

Despite the straightforward explanation and commands provided by Apple, many Mac users will not have experience of running commands within Terminal, a program designed to give advanced users direct, text-based access to underlying systems within macOS.
Title: Re: Mac attack
Post by: Maik on Friday, 05 January, 2018 @ 15:39:19
Meltdown and Spectre: All Macs, iPhones and iPads affected

Apple has said that all iPhones, iPads and Mac computers are affected by two major flaws in computer chips.

It said there was no evidence that either vulnerability had been exploited yet, but advised downloading software only from trusted sources to avoid "malicious" apps.
Title: Re: Mac attack
Post by: Maik on Wednesday, 17 January, 2018 @ 10:52:13
Beware! A new bug can crash iOS and macOS with a single text message
Title: Re: Mac attack
Post by: Maik on Saturday, 03 February, 2018 @ 14:21:06
New Mac cryptominer distributed via a MacUpdate hack

Early this morning, security researcher Arnaud Abbati of SentinelOne tweeted about new Mac malware being distributed via MacUpdate. This malware, which Abbati has named OSX.CreativeUpdate, is a new cryptocurrency miner, designed to sit in the background and use your computer’s CPU to mine the Monero currency.  ......

Finally, be aware that the old adage that “Macs don’t get viruses,” which has never been true, is proven to be increasingly false. This is the third piece of Mac malware so far this year, following OSX.MaMi and OSX.CrossRAT. That doesn’t even consider the wide variety of adware and junk software out there. Do not let yourself believe that Macs don’t get infected, as that will make you more vulnerable.

Hat tip to Madeline (http://forum.webuser.co.uk/showpost.php?p=1193530) for that one
Title: Re: Mac attack
Post by: Maik on Wednesday, 13 June, 2018 @ 02:13:09
15-year-old Mac security flaw left millions of Apple customers vulnerable to hackers

Apple customers have been warned that they may have been exposed to hackers “hiding in plain sight” on their Mac devices after a 15-year-old vulnerability was discovered by a cyber security researcher.

The exploit could allow a hacker to install malicious software on devices like MacBooks to access personal, financial and sensitive insider information by fooling security products into thinking it is safe.

This would enable hackers to circumvent antivirus protection by pretending to be Apple, using a technique called “code signing” and sit on the device for years without the owner knowing.

According to The Register (http://www.theregister.co.uk/2018/06/12/apple_code_signing_flaw/),

The trick is quite subtle and relies on a number of preconditions – so exploitation would be difficult in practice. Okta has no evidence of the flaw ever being abused, which isn't to say it's a non-issue, only that it's not exactly a gaping hole.

Okta (https://www.okta.com/blog/2018/06/i-snuck-a-bad-apple-into-the-basket-and-nobody-noticed/), the people who discovered it, seem to see things a little differently:

By exploiting this vulnerability, threat actors can trick even the most security-savvy people and bypass a core security function that most end users don’t know or think about as they go about their digital activities. And, with the proliferation of apps for the workplace and personal use in everybody’s daily lives, bad actors can easily abuse this vulnerability.
Title: Re: Mac attack
Post by: Maik on Wednesday, 12 September, 2018 @ 15:17:34
No.1 Adware Removal Tool On Apple App Store Caught Spying On Mac Users

A highly popular top-tier app in Apple's Mac App Store that's designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China.

What's more concerning? Even after Apple was warned a month ago, the company did not take any action against the app.

The app in question is "Adware Doctor," the Mac App Store No. 1 paid utility and also ranked as the fourth most popular paid app on the store, which sells for $4.99 and markets itself to be the "best app" to prevent "malware and malicious files from infecting your Mac."

Apple Removes Several Trend Micro Apps For Collecting MacOS Users' Data

Apple has removed almost all popular security apps offered by well-known cyber-security vendor Trend Micro from its official Mac App Store after they were caught stealing users' sensitive data without their consent.

The controversial apps in question include Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, App Uninstall, Dr. Battery, and Duplicate Finder for Mac computers.

The apps were removed just two days after Apple kicked out another popular "Adware Doctor" application for collecting and sending browser history data from users' Safari, Chrome, and Firefox to a server in China.

The suspicious behavior of Trend Micro apps was initially reported by a user on the Malwarebytes forum in December 2017.
Title: Re: Mac attack
Post by: Maik on Thursday, 06 December, 2018 @ 17:25:02
It's December 2018, and a rogue application can still tell your Apple Mac: I'm your El Capitan now
iOS, macOS, tvOS, Safari, and anyone for some reason using iTunes on Windows – get patching